If I could add further to these two useful answers (and on the topic of "GPG"). If you need to be utterly certain of who sent the file, as opposed to whether the file has changed in transit, you need to use some implementation of digital signatures - see http://en.wikipedia.org/wiki/Digital_signature